Server Certificates in IIS 8


Certificates are part of Secure Sockets Layer (SSL) encryption. Server certificates enable users to confirm the identity of a Web server before they transmit sensitive data, such as a credit card number. Server certificates also contain the server's public key information so that data can be encrypted and sent back to the server.

To use this feature, follow the steps below.

#1. Open the Internet Information Services (IIS) Manager. You can open IIS from the Start screen by searching for the "inetmgr" command in the search box or writing the same in the Run window.

#2. Click on the Server node.

#3. From the features pane (center pane), double-click "Server Certificates", which is under the IIS features section.

#4. Once you have opened Server Certificates, you will see a number of elements in the Actions pane and the Features pane.

The following tables give a brief introduction to those elements.

Action Pane Elements:

| Element Name | Description |
| --- | --- |
| Import | Opens the Import Certificate dialog box to restore a lost or damaged certificate that you previously backed up, or to install a certificate sent to you by another user or certification authority (CA). |
| Create Certificate Request | Opens the Request Certificate wizard to provide information about your organization to an external certification authority. |
| Complete Certificate Request | Opens the Complete Certificate Request dialog box to install the certificates that you receive from your certification authority. |
| Create Domain Certificate | Opens the Create Certificate wizard to provide information about your organization to an internal certification authority. |
| Create Self-Signed Certificate | Opens the Create Self-Signed Certificate dialog box to create certificates to use in server testing environments and for troubleshooting third-party certificates. |
| Enable/Disable Automatic Rebind of Renewed Certificate | Automatically rebind a renewed certificate by using Certificate Rebind. |
| View | Opens the Certificate dialog box so that you can view details about a certificate. Select a certificate to see this option. |
| Export | Opens the Export Certificate dialog box to export certificates from a source server when you want to apply the same certificate to a target server, or when you want to back up a certificate and its associated private key. Select a certificate to see this option. |
| Remove | Removes the item that is selected from the list on the feature page. Select a certificate to see this option. |

Feature pane Elements:

| Element Name | Description |
| --- | --- |
| Name | Displays the names of certificates that have been issued to clients that are running on either Internet or intranet hosts. |
| Issued To | Displays the FQDNs (Fully Qualified Domain Name) of either the Internet or intranet hosts to which certificates have been issued. |
| Issued By | Displays the FQDNs of servers that have issued certificates to clients that are running on either Internet or intranet hosts. |
| Expiration Date | Displays the date that the certificate expires. |
| Certificate Hash | Displays binary data produced by using a hashing algorithm. Although this data uniquely identifies a certificate, the hash data cannot be used to trace a certificate because hashing is a one-way process. |
| Certificate Store | Displays the name of the provider that stores the certificate. |
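
The Features pane columns can also be produced from PowerShell, which makes it easy to flag certificates that need attention. This is an added example, not part of the original article; the 30-day warning window, the 2,048-bit minimum and the subject-equals-issuer test for self-signed certificates are assumptions chosen for illustration.

```powershell
# Added example: inventory of server certificates with the Features pane columns.
$warnDays   = 30      # assumption: warn this many days before expiry
$minKeyBits = 2048    # assumption: minimum acceptable RSA key length
$stores     = 'My', 'WebHosting'   # shown as "Personal" and "Web Hosting" in IIS Manager

$report = foreach ($store in $stores) {
    $path = "Cert:\LocalMachine\$store"
    if (-not (Test-Path $path)) { continue }          # Web Hosting store may be absent

    foreach ($cert in Get-ChildItem $path) {
        # Key size is only read for key types this property supports (e.g. RSA).
        $keyBits = try { $cert.PublicKey.Key.KeySize } catch { $null }

        $flags = @()
        if ($cert.NotAfter -lt (Get-Date)) {
            $flags += 'EXPIRED'
        } elseif ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
            $flags += 'EXPIRING-SOON'
        }
        if ($cert.Subject -eq $cert.Issuer)             { $flags += 'SELF-SIGNED' }
        if ($keyBits -and $keyBits -lt $minKeyBits)     { $flags += 'SHORT-KEY' }
        if (-not $cert.HasPrivateKey)                   { $flags += 'NO-PRIVATE-KEY' }

        [pscustomobject]@{
            Name             = $cert.FriendlyName
            IssuedTo         = $cert.GetNameInfo('SimpleName', $false)
            IssuedBy         = $cert.GetNameInfo('SimpleName', $true)
            ExpirationDate   = $cert.NotAfter
            CertificateHash  = $cert.Thumbprint
            CertificateStore = $store
            KeyBits          = $keyBits
            Flags            = $flags -join ','
        }
    }
}

# Soonest expiry first, so the certificates that need action are at the top.
$report | Sort-Object ExpirationDate | Format-Table -AutoSize
```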


#5. As you can see in the tables above, the Actions pane elements are used in the process of creating a certificate request and completing it. Let's take a deeper look at the Actions pane elements.

Create Certificate Request
  • The first step in creating the server certificate is to generate a certificate request. This request can be submitted to a CA, which will, in turn, generate a certificate that can be installed on the server.
  • Certificate requests can only be configured at a server level. Once a certificate has been installed, it can then be configured for use at a website level.
  • To create the certificate request, click Create Certificate Request in the Actions pane to begin the process.
  • Enter the details in the dialog box that opens.
  • The Common name property should be filled in with the server name upon which the website will be answering requests. The remaining fields should be filled in according to the legal status of your organization. Depending on the CA you submit this request to and the type of certificate you are requesting, the CA may verify these details before issuing you a certificate.

          After filling in the details, click Next to continue.

  • Select the cryptographic provider and bit length that you want to use for this certificate. At the time of writing, 2,048-bit key lengths are considered secure for the foreseeable future. Longer key lengths can be chosen to provide additional security; however, selecting a longer key length puts additional load on both the client and server when performing the SSL/TLS handshake.

          Click Next to continue.
  • Choose a file name to save the certificate request to, and click Finish to close the wizard.


Note: If you do not specify the file name with a path, the file will be saved in the <Rootfolder>/Windows/System32 directory (C:/Windows/System32).

At this point, a Certificate Enrollment Request exists in the local machine's certificate store that corresponds with the certificate request file that was just generated. After submitting the certificate request to a CA and receiving your certificate, the new certificate will match the pending Certificate Enrollment Request.

To view the Certificate Enrollment Request:

             1. In the Windows Start screen, type mmc.exe and press Enter, or type the same in the Run window.
             2. Select File and then Add/Remove Snap-in.
             3. Select the Certificates snap-in and click Add. Click OK to exit all the dialogs.
             4. Expand the Certificate Enrollment Requests node to see all pending requests.


The generated certificate request file is now submitted to a CA, which generates a signed certificate. The higher-assurance certificates (that tend to cost more money) involve additional due diligence by the CA.

Complete Certificate Request
  • Once you receive the certificate from the CA, click Complete Certificate Request in the Actions pane. This will open the Complete Certificate Request wizard.
  • Enter the details in that wizard.
          File name containing the certificate authority's response : File location on your local machine.
          Friendly name     : Enter a friendly name by which you can easily recognize the certificate.
          Certificate Store : Two options are available, Personal and Web Hosting. The Web Hosting store works like the Personal store, so all of the existing tools work in the same way. The main difference between the Web Hosting store and the Personal store is that the Web Hosting store is designed to scale to higher numbers of certificates.


Click OK to install the certificate.
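
The Create Certificate Request and Complete Certificate Request steps above can also be scripted with the built-in certreq.exe tool. This is an added example, not part of the original article; the host name, organization fields, working directory and response file name are placeholders.

```powershell
# Added example: scripted equivalent of the request/complete wizards.
# Run from an elevated prompt. All names and paths below are placeholders.
$commonName = 'www.example.test'
$workDir    = 'C:\CertRequests'
$infPath    = Join-Path $workDir 'request.inf'
$reqPath    = Join-Path $workDir 'request.req'     # full path, so nothing lands in System32
$response   = Join-Path $workDir 'response.cer'    # file later returned by the CA

New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Same inputs as the wizard: subject details, cryptographic provider, bit length.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$commonName, O=Example Org, L=Example City, S=Example State, C=US"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
HashAlgorithm = SHA256
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generates the key pair and writes the request file to submit to the CA.
certreq.exe -new $infPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# The pending request is now visible in the Certificate Enrollment Requests store.
Get-ChildItem Cert:\LocalMachine\REQUEST | Select-Object Subject, Thumbprint

# Once the CA response has been saved to $response, install it; it is matched
# against the pending request and its private key.
if (Test-Path $response) {
    certreq.exe -accept $response
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }
}
```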

Create Domain Certificate

A domain certificate is an internal certificate that does not have to be issued by an external certification authority (CA). If your Windows domain has a server that acts as a CA, you can create a domain certificate. This approach helps you reduce the cost of issuing certificates and eases certificate deployment.


To request and install a certificate using the Domain Certificate Request, follow the steps below.
  • Click Create Domain Certificate to begin the certificate request generation process.
  • This will open a new wizard like the one opened for Create Certificate Request. Fill in the details in that wizard and click Next to continue the process.

  • Enter your CA address in the Online Certificate Authority text box. The CA name takes the form of the Common Name entered when installing Active Directory Certificate Services (by default, <domain name>-<server name>-CA), followed by the FQDN. Also enter a friendly name by which you can easily recognize the certificate.

  • Click Finish to complete the wizard and submit the request to the designated CA. The certificate will automatically be issued by the CA and installed into the local machine certificate store on the IIS 8.0 server.

Create Self-Signed Certificate


When a CA is not available, a self-signed certificate may be all that is required. This is particularly true in development environments where a developer may simply wish to test that his or her application works over SSL/TLS. A self-signed certificate is one where the server signs its own certificate. Because no machine other than the server trusts it as a CA, a warning is displayed to the user of any remote machine accessing the site. To create a self-signed certificate, follow the steps below.

  • Click Create Self-Signed Certificate to begin the self-signed certificate generation process.
  • This will open a new wizard. Enter the friendly name in the provided text box and select the certificate store.

  • Click OK to create the self-signed certificate.

View

To view a server certificate installed on your server, follow the steps below.

  • Click any certificate in the Features pane; the View option then appears in the Actions pane.

  • Click View to see the certificate. This opens a dialog box that shows the certificate details.

Export

To export any certificate that is installed on your server, follow the steps below.
  • Click any certificate in the Features pane; the Export option then appears in the Actions pane.
  • Click Export to take a backup of the certificate. This opens a wizard. Fill in the details in that wizard.
  • Export to is the path where the certificate will be saved. The password is required to secure the certificate and is also used at the time of importing it.
  • After entering the details, click OK to export the certificate.

Import

This option provides the facility to restore a certificate on the server. There are some situations where you can use this option.
  • When you need to restore a certificate that you received from any user or certification authority (CA).
  • When a certificate that you restored previously got damaged or lost on the server.

When you click Import in the Actions pane, it opens a dialog box. Enter the certificate details in that dialog box.

          Certificate file  : File location on your local machine.
          Password          : Enter the password that you entered while taking the backup.
          Certificate Store : Two options are available, Personal and Web Hosting. The Web Hosting store works like the Personal store, so all of the existing tools work in the same way. The main difference between the Web Hosting store and the Personal store is that the Web Hosting store is designed to scale to higher numbers of certificates.

Select the Allow this certificate to be exported check box if you want to export this certificate in the future.


Once you have entered all the details, click OK to import the certificate.

Remove

To remove any certificate that is installed on your server, follow the steps below.
  • Click any certificate in the Features pane; the Remove option then appears in the Actions pane.
  • Click Remove to remove that particular certificate.
  • On clicking Remove, a confirmation alert is shown. Click Yes to remove the certificate.

Reference: Professional Microsoft IIS 8
